1. Technical Field
The present invention relates generally to techniques for cloaking a Web site origin server from the public Internet while still ensuring that content otherwise available from the site is delivered quickly and without fail, regardless of a user location.
2. Description of the Related Art
Today's Web sites are a double-edged sword. They present enterprises with the opportunity for both resounding success and costly, dramatic failure. The possibility for either scenario to occur is chiefly due to the Internet's open design. Indeed, the ability to reach a global community of customers and partners via the Web comes with serious security risks. The open design means that enterprises must expose themselves by opening a public entry-point to get the global reach they need. Couple that with the inherent weaknesses of centralized infrastructure and there is a recipe for failure. Indeed, a growing number of threats can bring a site down daily. These threats include hacker attacks, viruses, Internet worms, content tampering and constant Denial of Service (DoS) attacks. DoS attacks are well known but few realize how rapidly they evolve, as witnessed by self-propagating worms, use of Internet Relay Chat (IRC) technology, attacks against routers and other techniques. The University of California at San Diego's Cooperative Association for Internet Data Analysis (CAIDA) estimates that over 4,000 Web sites are attacked in this way every week.
Any one of these threats can produce unpredictable site disruptions that impede revenue operations, dilute brand investments, hamper productivity and reduce goodwill and reputation. In the past, an enterprise's only defense was to maintain vigilant and expensive system upgrades to current with constantly evolving assaults, as it has been considered impossible to eliminate public entry points into a site's Web servers.
Enterprise firewalls do not adequately address the problem. While firewalls attempt to discard malicious packets, they are not a complete protection as they themselves are on the public Internet and are susceptible to DoS attacks. When a firewall filters packets, CPU resources are consumed by seemingly authentic requests. At best, a firewall can limit exposure, but some portion of the site's infrastructure is still publicly available and susceptible to attack
It would be highly desirable to provide an additional layer of protection to ensure business continuity of an enterprise Web site.